Export limit exceeded: 74732 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74732 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54230 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2026-02-26 | 7.8 High |
| Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-43887 | 1 Dell | 1 Powerprotect Data Manager | 2026-02-26 | 7 High |
| Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2025-8879 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High) | ||||
| CVE-2025-10200 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2025-8880 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-10201 | 2 Google, Linux | 5 Android, Chrome, Chrome Os and 2 more | 2026-02-26 | 8.8 High |
| Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-8941 | 1 Redhat | 13 Cert Manager, Confidential Compute Attestation, Discovery and 10 more | 2026-02-26 | 7.8 High |
| A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020. | ||||
| CVE-2025-36222 | 1 Ibm | 3 Storage Fusion, Storage Fusion Hci, Storage Fusion Hci For Watsonx | 2026-02-26 | 8.7 High |
| IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions. | ||||
| CVE-2025-48500 | 2 Apple, F5 | 5 Macos, Big-ip, Big-ip Access Policy Manager and 2 more | 2026-02-26 | 7.3 High |
| A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-55319 | 1 Microsoft | 1 Visual Studio Code | 2026-02-26 | 8.8 High |
| Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-21042 | 1 Samsung | 2 Android, Mobile Devices | 2026-02-26 | 8.8 High |
| Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code. | ||||
| CVE-2025-21043 | 1 Samsung | 2 Android, Mobile Devices | 2026-02-26 | 8.8 High |
| Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code. | ||||
| CVE-2025-8904 | 1 Amazon | 1 Emr | 2026-02-26 | 8.5 High |
| Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Users are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR releases between 6.10 and 7.4, we strongly recommend that you run the bootstrap script and RPM files with the fix provided in the location below. | ||||
| CVE-2025-27240 | 1 Zabbix | 1 Zabbix | 2026-02-26 | 7.2 High |
| A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field. | ||||
| CVE-2025-23303 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2026-02-26 | 7.8 High |
| NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering. | ||||
| CVE-2025-23304 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2026-02-26 | 7.8 High |
| NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering. | ||||
| CVE-2025-23295 | 1 Nvidia | 1 Apex | 2026-02-26 | 7.8 High |
| NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-3025 | 2 Gen Digital, Microsoft | 2 Ccleaner, Windows | 2026-02-26 | 7.3 High |
| Elevation of Privileges in the cleaning feature of Gen Digital CCleaner version 6.33.11465 on Windows allows a local user to gain SYSTEM privileges via exploiting insecure file delete operations. Reported in CCleaner v. 6.33.11465. This issue affects CCleaner: before < 6.36.11508. | ||||
| CVE-2025-10491 | 2 Microsoft, Mongodb | 2 Windows, Mongodb | 2026-02-26 | 7.8 High |
| The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking. This issue affects MongoDB Server v6.0 version prior to 6.0.25, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5 | ||||
| CVE-2025-48860 | 1 Bosch | 1 Ctrlx Os | 2026-02-26 | 8 High |
| A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to access sensitive data. | ||||